Description of problem:
genhomedircon creates entries in /etc/selinux/targeted/contexts/files/file_contexts.homedirs to set up SELinux labels for /home, /root,... If one user has $HOME set to /usr/local/$USER, genhomedircon also adds entries for /usr/local. This is conflicting with existing entries in file_contexts. Users see warning messages about duplicate entries:

/etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications for /usr/local/lost\+found/.*.
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications for /usr/local/\.journal.
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications for /usr/local/lost\+found.

Version-Release number of selected component (if applicable):
policycoreutils-1.33.12-12.el5

How reproducible:
always

Steps to Reproduce:
1. create a new user with $HOME in /usr/local:
   useradd -d /usr/local/test test
2. execute genhomedircon to update file_contexts.homedirs:
   genhomedircon
3. login to localhost with ssh:
   ssh localhost
   (this is only an example, other commands also throw warning messages)

Actual results:
warning messages (see above)

Expected results:
no warning message

Additional info:
genhomedircon should not create entries for directories which are already included in file_contexts.
Too late to put this into U2; should be fixed in U3. For now, don't do that. Homedirs should not be in /usr/local. If you have a service with a homedir in /usr/local, it should have a shell of /sbin/nologin or /bin/false. And/or have a UID < 500.
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
Fixed in policycoreutils-1.33.12-14.1.el5
Fixed in policycoreutils-1.33.12-14.2.el5
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2009-0206.html
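A way to check a system for the two conditions discussed in this report, as an added example that is not part of the original bug report or of policycoreutils: accounts matching the combination the reply advises against (home under /usr/local, a login shell, UID of 500 or more), and path specifications present in both file_contexts and file_contexts.homedirs. The function names and all sample file contents are constructed for illustration; the 500 default comes from the reply above.

```shell
#!/bin/sh
# Added example; every sample line written by make_samples is constructed.

# Accounts with UID >= MIN_UID, a login shell and a home under PREFIX:
# the combination the reply in this thread advises against for /usr/local.
risky_homedirs() {  # usage: risky_homedirs PASSWD_FILE PREFIX [MIN_UID]
    awk -F: -v prefix="$2" -v min="${3:-500}" '
        $3 + 0 < min { next }                                 # UID < 500
        $7 == "/sbin/nologin" || $7 == "/bin/false" { next }  # no login shell
        index($6, prefix "/") == 1 { print $1 ":" $6 }
    ' "$1"
}

# Path specifications (first field) that occur in both context files.
dup_specs() {  # usage: dup_specs FILE_CONTEXTS FILE_CONTEXTS_HOMEDIRS
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments, blank lines
        FILENAME == ARGV[1] { seen[$1] = 1; next }   # remember base specs
        ($1 in seen) && !done[$1]++ { print $1 }     # report each once
    ' "$1" "$2"
}

make_samples() {  # writes constructed sample files into directory $1
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
svc:x:501:501::/usr/local/svc:/sbin/nologin
lowuid:x:101:101::/usr/local/lowuid:/bin/bash
test:x:502:502::/usr/local/test:/bin/bash
alice:x:503:503::/home/alice:/bin/bash
EOF
    cat > "$1/file_contexts" <<'EOF'
# constructed excerpt
/usr/local/lost\+found/.*  <<none>>
/usr/local/\.journal       <<none>>
EOF
    cat > "$1/file_contexts.homedirs" <<'EOF'
/usr/local/lost\+found/.*  <<none>>
/usr/local/\.journal       <<none>>
/usr/local/[^/]*/.+        user_u:object_r:user_home_t:s0
EOF
}

d=$(mktemp -d) && make_samples "$d"
risky_homedirs "$d/passwd" /usr/local        # test:/usr/local/test
dup_specs "$d/file_contexts" "$d/file_contexts.homedirs"
rm -rf "$d"
```

On a live system the inputs would be /etc/passwd and the two files under /etc/selinux/targeted/contexts/files/ named in the report.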